Hello,
I am having a hard time figuring out how NSS does certificate verification
(chain and all).
I have a large client base with many different issuers. I want to ensure that
users can log in. Once a user is authenticated, I have a single sign-on solution
to authorize the user.
How should I set up my NSS database? Should the NSS DB just contain the users'
issuers (with trust "T,," or "CT,,"), or do I have to store the users' root
certs (trust "C,," or "CT,,")?
In my testing, having just the issuers with ("CT,,") works; is that how I should
be using it? What is the proper guideline? Having all roots in there may
potentially open the authentication to a large number of users; that's the concern.
Thanks
M
_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security